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Method for payment via the Internet 

The present invention relates to a method for processing a transaction between a first 
computer application and a second computer application. More specifically, the invention 
5 relates to a method for processing a transaction via a network, such as the Internet. The 
first computer application is, for example, implemented on a computer of a supplier of 
services and/or products and the second computer application can be implemented on a 
computer of a user who can be connected via the network to the supplier*s computer, so 
that the user is able to view and order services and/or products. 

10 A second aspect of the invention relates to the provision of a medium that contains 

the data needed to carry out the method according to the invention. 

A secure and reliable method of paying for the services and/or products purchased 
is crucial in the case of transactions of this type. A known method of payment via, for 
example, the Internet is to pass on the card number and the expiry date of a credit card, 

15 after which the supplier who supplies the service and/or the product is then paid by the 
credit card company. 

Another known method of payment is to open a customer account for the supply of 
services or products with a supplier. The customer is then able to order services and/or 
products from the supplier via, for example, the Internet, provided that he/she has sufficient 

20 credit in his/her account. Usually he/she will then have to enter a user name and a 
password when ordering. 

The known methods of payment have a number of significant disadvantages. 
Registration of the customer, either directly by the supplier or indirectly via a credit card 
company, is usually required, which costs time, has the effect of increasing the barrier to 

25 be overcome and gives no guarantee of privacy and/or anonymity. It can also be necessary 
for the user's computer to be equipped with, for example, a smart card reader with special 
software, which incurs additional costs and ensures that the user is tied to that specific 
computer. These disadvantages lead to a customer being less readily inclined to make 
occasional or impulse payments for services and/or products which, for example, can be 

30 supplied via the Internet. 

Further disadvantages are that the known methods of payment are tied to a person and 
that there is a security risk. For example, the number and the expiry date of the credit card 
can be intercepted, after which the credit card can be misused to charge up an appreciable 
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sum. 

The object of the present invention is to provide a method for processing a 
transaction which does not have the said disadvantages of the known methods. 

The object is achieved by means of a method of the type defined in the preamble, 
5 characterised in that the method comprises the following steps: 

(a) transmission of a first message by the first computer application to a third 
computer application in order to activate a payment program on the third computer 
application; 

(b) transmission of a second message by the third computer application to the 
10 second computer application in order to activate a payment program on the second 

computer application; 

(c) a request by the second computer application for input of a card number, which 
is specified on a card, by the user, after which the second computer application then 
transmits a third message containing the card number to the third computer application; 

15 (d) checking of the card number and determination of the serial number of one of 

a plurality of associated security codes by the third computer application, after which the 
third computer application transmits a fourth message to the second computer application, 
the fourth message containing the serial number of the security code; 

(e) a request by the second computer application to the user to enter that security 
20 code specified on the card which is associated with the serial number transmitted, after 

which the second computer application transmits a fifth message containing the security 
code to the third computer application; 

(f) checking by the third computer application that the security code associated 
with the serial number and card number corresponds to the security code received from the 

25 second computer application, after which a sixth message is transmitted by the third 
computer application to the first and second computer applications, the sixth message 
containing an acceptance or refusal of the transaction. 

The third computer application is, for example, implemented on a computer belonging 
to a body which issues the cards and conducts the transactions. 
30 The codes and numbers associated with a card are known only to the body which 

implements the third computer application and are specified on a card which is in the 
possession of the user who uses the second computer application to make payments. 

The advantage of the method for processing a transaction between a first computer 
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application and a second computer application according to the present invention is that 
there is no requirement for registration of the user with the supplier and the body which 
issues the cards, which gives a guarantee of privacy and, if desired, anonymity. 

Furthermore, as soon as an associated card has been purchased the card can be used 
5 to conduct transactions, as a result of which the method is suitable for occasional and 
impulse purchases. 

No additional equipment and/or software is required, which makes the method 
according to the invention inexpensive and simple. Furthermore, the user is not tied to a 
special computer provided with additional peripherals and/or software. 
10 The outstanding balance on the card is linked to the card number and not to a person. 

Therefore, it is also possible to transfer the card to someone else or to let someone else use 
the card. 

The method is suitable for transactions where payment is made in currency, but also 
for transactions where other units are used (for example x accesses to a database, y games, 
15 z weather reports). 

Furthermore, the method according to the invention is suitable for both credit and 
debit transactions. 

Because multiple security codes are used, it is unpredictable which security code will 
be used. Tapping data traffic is thus virtually pointless because a different security code 
20 can be used for a subsequent transaction with the same card. 

The level of security can be tailored to the desired requirements. For example, the 
security codes can be made longer or, on the contrary, shorter and the number of security 
codes specified on the card can be increased or reduced. 

With the method according to the invention, the risk of messages being tapped, 
25 misuse or loss is always restricted to the value of the outstanding balance on the card and 
not, as in the case of a credit card, to the credit limit of the card. 

If the outstanding balance on a card is not sufficient to complete a transaction, steps 
(c) to (f) of the method can be repeated with another card. 

In one embodiment of the method according to the invention, the computer 
30 applications are implemented on at least two computers which are linked to one another 
via a network, for example, the Internet. 

As a result a user is able to view, order and pay for products and/or services from 
a supplier remotely. The first and third computer applications are then, for example, both 
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implemented on a computer located on the supplier's premises, which, for example, can be 
linked via the Intemet to a user's computer on which the second computer application is 
implemented. In this case the supplier can also be the body which issues the cards and 
processes the transactions. 
5 Although with known methods a check is made to determine whether the user is 

authorised to make payments (adequate balance, correct credit card number), these methods 
do not offer the possibility for the user to check whether the party receiving the payment 
is authorised. 

In one embodiment of the invention the third computer application also includes at 
10 least one verification code associated with the card number in the fourth message in step 
(d) and in step (e) the second computer application also asks for confirmation that the at 
least one verification code transmitted corresponds to the at least one verification code 
specified on the card and the latter application includes the resuh of this in the fifth 
message. 

15 This embodiment has the advantage that bilateral authorisation takes place. There is 

not only a check to determine whether the user is authorised to make payments, there is 
also a check to determine whether the body which is processing the transactions (with the 
aid of the third computer application) is authorised. 

In a further embodiment, the fourth message contains the amount to be paid and/or 

20 the balance on the card and the second computer application displays the amount to be paid 
and/or the balance on the card to the user after receipt of the fourth message. This 
provides the user with additional ease of use and a further possibility for checking the 
transaction. 

In a further embodiment each message is provided with a transaction identifier. This 
25 makes it possible for the third computer application to process multiple transactions 
simultaneously. 

In a further embodiment of the method according to the invention, the contents or 
part of the contents of one or more of the messages are/is encrypted, so that the contents 
of the messages cannot be decoded by others. This makes it possible to provide security 
30 for the exchange of messages if necessary. The level of security which is considered 
necessary can be adapted by selecting a specific type of encryption. 

A second aspect of the invention relates to a medium which is suitable for performing 
the method according to the invention, characterised in that the medium contains at least 
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one card number and at least one security code with associated serial number. 

A further embodiment of the medium also contains at least one verification code. 

Because all data required to perform the method according to the present invention 
are contained on the medium according to a second aspect of the invention, it is possible 
5 to process transactions without special facilities in the form of equipment, software, 
registration, etc. being required for this. 

In one embodiment the medium according to the present invention is constructed in 
the form of a printed card, the data being printed on the card. It is also possible to specify 
the data on a card in such a way that said data can be read with the aid of generally 
10 available equipment. In this context consideration can be given to a magnetic card, a smart 
card or a card provided with barcodes. 

In a further embodiment of the present invention, the medium is constructed as a 
computer-readable medium, such as, for example, a diskette or a CD-ROM. 

The present invention will now be explained with reference to a preferred 
15 embodiment and the appended drawings, in which: 

Fig. 1 shows a preferred embodiment of a card containing the data which a user 
requires in order to be able to perform the method according to the invention; 

Fig. 2 shows a diagram of the systems involved in a transaction according to the 
present invention. 

20 Fig. 1 shows a preferred embodiment of a card 1 containing the data which a user 

requires in order to be able to perform the method according to the invention. The card 
1 specifies a card number 2 (which can be a nimieral or an alphanumeric sequence) and 
several, in this case six, arbitrarily chosen security codes 4, which are indicated by a serial 
number 3. In addition the card 1 specifies a verification code 5. The numbers associated 

25 with a card (card number 2, security codes 4 with associated serial number 3 and the 
verification code 5) are otherwise known only to the body which issues the cards 1 and 
performs the transactions. 

In its simplest embodiment, the card 1 is a small-format card with the data required 
for performing the method according to the invention printed thereon. It is also possible 

30 to specify the data on a card in such a way that said data can be read with the aid of 
generally obtainable equipment. In this context consideration can be given to a magnetic 
card, a smart card or a card provided with barcodes. In a further embodiment of the 
present invention, the data which are needed to perform the method according to the 
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invention are stored on a computer-readable medium, such as, for example, a diskette or 
a CD-ROM. 

Fig, 2 shows a diagram of the systems involved in a payment in accordance with the 
method of the present invention. A supplier's computer 11, which runs the first computer 
5 application, a user's computer 12, which runs the second computer application, and a 
transaction computer 13, which runs the third computer application, are shown. The 
computers 11, 12, 13 are linked to one another via a network 10, for example the Internet. 
The computers are generally known computers which are provided with input means such 
as a mouse and keyboard and a monitor for displaying information. 

10 It will be obvious to a person skilled in the art that the communication between the 

transaction computer 13 and the user's computer 12 can also proceed via the supplier's 
computer 11. It will also be obvious that the supplier himself can be the body which issues 
the cards 1 and performs the transactions. The first and third computer applications can 
then be implemented on one computer. 

15 Via the network 10, the user is connected, with the aid of the user's computer 12, to 

a supplier's computer 11 and is able, for example with the aid of a further computer 
application, to use the supplier's computer 11 to view what services and/or products are 
offered by the supplier. As soon as the time at which payment has to be made (in money 
or other units) has been reached, a payment module on the transaction computer 13 is 

20 activated from the further computer application on the supplier's computer 11 by 
transmitting a first message. By means of this transmission the sum or the number of units 
to be paid is/are passed on by the first computer application on the supplier's computer 11. 
By means of a second message, the payment module on the transaction computer 13 
activates a payment module on the user's computer 12 which asks the user to enter the card 

25 number 2. This information is transmitted in a third message to the payment module on 
the transaction computer 13, which checks whether the card number has an active status. 
The payment module on the transaction computer 13 then compiles a fourth message for 
the payment module on the user's computer 12, which message incorporates at least the 
serial number 3, selected by the payment module on the transaction computer 13, of the 

30 security code 4 to be checked and an alphanumeric value of arbitrary composition. On 
receipt of the fourth message, the payment module on the user's computer 12 will ask the 
user to enter the security code 4 which has the serial number 3 indicated in the message 
from the transaction computer 13. The alphanumeric value of arbitrary composition 
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received in the fourth message from the transaction computer 13 is, if necessary, encrypted 
by the payment module on the user's computer 12 with the aid of the security code 4 
entered. Said encrypted value is sent back by the user's computer 12 in a fifth message to 
the transaction computer 13, where it is compared with an encrypted value that has been 
5 calculated by the payment module on the transaction computer 13. If the received and 
calculated encrypted values are identical, this confirms that the user has entered the correct 
security code 4. The payment module on the transaction computer 13 will send a sixth 
message to the payment module on the user's computer 12 to confirm that payment has 
been made. Furthermore, the payment module on the transaction computer 13 sends the 
10 sixth message to the application on the supplier's computer 11 in which payment is 
confirmed. 

If the outstanding balance on a card 1 is insufficient to process a transaction, steps 
(c) to (f) of the method can be repeated with another card 1. 

In a preferred embodiment the fourth message also contains a verification code 5 
15 associated with the card number. The user's computer 12 displays this verification code 
5 to the user and asks the user to confirm that this code corresponds to the verification 
code 5 specified on the payment card 1. The confirmation or denial of correspondence is 
then included by the user's computer 12 in the fifth message and transmitted to the 
transaction computer 13. This provides the user with an opportunity to check whether the 
20 transaction computer 13 is authorised to perform transactions. In one embodiment the sum 
or the number of units to be paid and the current balance on the card are also included in 
said message. This is then displayed by the user's computer 12 for checking by the user. 

In a further embodiment, all messages which are exchanged in the context of the 
method are provided with a transaction number. This simplifies the identification of a 
25 specific payment and makes it possible for the transaction computer 13 to handle multiple 
transactions simultaneously. 

In one embodiment the contents or part of the contents of the messages which are 
exchanged in the method according to the invention can be encrypted by means of a 
suitable encryption mechanism. The level of security can be chosen by selecting a specific 
30 type of encryption mechanism. 
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1. Method for processing a transaction between a first computer application and 
a second computer application, characterised in that the method comprises the following 

5 steps: 

(a) transmission of a first message by the first computer application (11) to a third 
computer application (13) in order to activate a payment program on the third computer 
application (13); 

(b) transmission of a second message by the third computer application (13) to the 
10 second computer application (12) in order to activate a payment program on the second 

computer application (12); 

(c) a request by the second computer application (12) for input of a card number 
(2), which is specified on a card (1), by the user, after which the second computer 
application (12) then transmits a third message containing the card number (2) to the third 

15 computer application (13); 

(d) checking of the card number (2) and determination of the serial npmber (3) of 
one of a plurality of associated security codes (4) by the third computer application (13), 
after which the third computer application (13) transmits a fourth message to the second 
computer application (12), the fourth message containing the serial number (3) of the 

20 security code (4); 

(e) a request by the second computer application (12) to the user to enter that 
security code (4) specified on the card (1) which is associated with the serial number (3) 
transmitted, after which the second computer application (12) transmits a fifth message 
containing the security code (4) to the third computer application (13); 

25 (f) checking by the third computer application (13) that the security code (4) 

associated with the serial number (3) and card number (2) corresponds to the security code 
(4) received from the second computer application (12), after which a sixth message is 
transmitted by the third computer application (13) to the first (11) and second (12) 
computer applications, the sixth message containing an acceptance or refusal of the 

30 transaction. 

2. Method according to Claim 1, characterised in that the computer applications 
are implemented on at least two computers (11; 12; 13) which are linked to one another 
via a network (10). 
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3. Method according to Claim 2, characterised in that the messages are transmitted 
via the Internet. 

4. Method according to Claim 1, 2 or 3, characterised in that the third computer 
application (13) also includes at least one verification code (5) associated with the card 

5 number (2) in the fourth message in step (d) and in step (e) the second computer 
application (12) also asks for confirmation that the at least one verification code (5) 
transmitted corresponds to the at least one verification code (5) specified on the card (1) 
and includes the result of this in the fifth message. 

5. Method according to one of the preceding claims, characterised in that the 
10 fourth message contains the amount to be paid and in that the second computer application 

(12) displays the amount to be paid to the user after receipt of the fourth message. 

6. Method according to one of the preceding claims, characterised in that the 
fourth message contains the balance on the card and in that the second computer 
application (12) displays the balance on the card to the user after receipt of the fourth 

15 message. 

7. Method according to one of the preceding claims, characterised in that each 
message is provided with a transaction identifier. 

8. Method according to one of the preceding claims, characterised in that the 
contents or part of the contents of one or more of the messages are/is encrypted. 

20 9. Medium for application of the method according to one of Claims 1 to 8, 

characterised in that the medium contains a card number (2) and at least one security code 

(4) with associated serial number (3). 

10. Medium according to Claim 9, characterised in that the medium also contains 

at least one verification code (5). 
25 11. Medium according to Claim 9 or 10, characterised in that the medium is a 

printed card (1). 

12. Medium according to Claim 9 or 10, characterised in that the medium is a 
computer-readable medium. 



wo 99/42961 



PCT/NL99/00060 



1/1 



fig-l 



® Enter your card number 1031 6842 1161 



® Enter the requested VIN-key: 

O 172 963 O 773 912 
© 740 177 e 882 091 - 
® 040 781 O 100 231 



^^^^ 1 



® Check the VIN-code displayed: 617 116 

ffthe VlN-code is not displayed or is disptayed incomcUy 
refuse the payment and contact PayWeb immediately on 
0800-234567 

@ Confinn or cancel the payment 



fia-E 




INTERNATIONAL SEARCH REPORT 



Inten >nai Application No 

PCT/NL 99/00060 



A. CLASSIFICATION OF SUBJECT MATTER 

IPC 6 G07F7/10 



According to international Patent Classification (iPC) or to both national classif ication and IPC 
B. FIELDS SEARCHED 



Minimum documentation searched (classification system followed by classification symbols) 

IPC 6 G07F 



Documentation searched other than minimum documentation to the e)ctent that such documents are Included in the fields searched 



Electronic data base consulted during the international search (name of data base and, where practical, search terms used) 



C. DOCUMENTS CONSIDERED TO BE RELEVANT 



Category * 


Citation of document, with indication, where appropriate, of the relevant passages 


Relevant to claim No. 


A 


US 5 692 132 A (HOGAN EDWARD J) 

25 November 1997 

see claim 1; figure 1 


1-12 


A 


EP 0 814 441 A (FRANCE TELECOM) 

29 December 1997 

see claim 1; figure 1 


1-12 


A 


US 5 163 098 A (DAHBURA ABBUD S) 

10 November 1992 

see claim 1; figure 1 


1-12 


A 


US 5 590 197 A (CHEN JAMES F ET AL) 

31 December 1996 

see claim 1; figure 1 


1-12 



I X I f^^rther documents are listed in the continuation of box C. 



Patent family members are listed in annex. 



' Special categories of cited documents : 



A" document defining the general state of the art which is not 
considered to be of particular relevance 

E" earlier document but published on or after the international 
filing date 



"L" document which may throw doutDts on priority ciaim(s) or 
which is cited to establish the publication date of another 
citation or other special reason (as specified) 

"O" document referring to an oral disclosure, use, exhibition or 
other means 

"P" document published prior to the international filing date but 
later than the priority date claimed 



"T" later document published after the international filing date 
or priority date and not in conflict with the application but 
cited to understand the principle or theory underlying the 
invention 

"X" document of particular relevance; the claimed invention 
cannot be considered novel or cannot be considered to 
involve an inventive step when the document is taken alone 

"Y" document of particular relevance; the claimed Invention 

cannot be considered to invoivo an inventive step when the 
document Is combined with one or more other such docu- 
ments, such combination being obvious to a person skilled 
in the art. 

"&" document member of the same patent family 



Date of the actual completion of the intematlonal search 

6 May 1999 


Date of mailing of the International search report 

14/05/1999 


Name and mailing address of the ISA 

European Patent Office, P.B. 5818 Patentlaan2 
NL - 2280 HV Rijswijk 
Tel. (+31-70) 340-2040, Tx. 31 651 epo nl. 
Fax: (+31-70) 340-3016 


Authorized officer 

Kirsten, K 



page 1 of 2 



1 



INTERNATIONAL SEARCH REPORT 


Interr. >nal Application No 

PCT/NL 99/00060 


C.(Coiitinu 


ation) DOCUMENTS CONSIDERED TO BE RELEVANT 


Category " 


Citation of document, with Indication.whers appropriata, of the relevant pasaages 


Relevant to claim No. 


A 
A 
A 
A 


US 5 650 604 A (MARCOUS NEIL P ET AL) 

22 July 1997 

see claim 1; figure 1 

EP 0 590 861 A (AMERICAN TELEPHONE & 
TELEGRAPH) 6 April 1994 
see claim 1; figure 1 

US 5 477 038 A (CLARK HELEN ET AL) 

19 December 1995 

see claim 1; figure 1 

SIRBU M ET AL: "NETBILL: AN INTERNET 
COMMERCE SYSTEM OPTIMIZED FOR NETWORK 
DELIVERED SERVICES" 

DIGEST OF PAPERS OF THE COMPUTER SOCIETY 
COMPUTER CONFERENCE (SPRING) COMPCON, 
TECHNOLOGIES FOR THE INFORMATION 
SUPERHIGHWAY SAN FRANCISCO, MAR. 5 - 9, 
1995, 

no. CONF. 40, 5 March 1995, pages 20-25, 
XP000577034 

INSTITUTE OF ELECTRICAL AND ELECTRONICS 

ENGINEERS 

see figure 2 


1-12 
1-12 
1-12 
1-12 



Form PCT/ISA/21 0 (contfnuatton of second sheet) (July 1 992) 



page 2 of 2 



INTERNATIONAL SEARCH REPORT 

information on patent family members 



Inter. jnai Application No 

PCT/NL 99/00060 



Patent document 




Publication 


Patent family 




Publication 


cited in search report 




date 


member(s) 




date 


US 5692132 


A 


25-11-1997 


AU 


5179996 


A 


30-12-1996 








EP 


0834144 


A 


08-04-1998 








Wu 


9641286 


A 


19-12-1996 


EP 0814441 


A 


29-12-1997 


CD 

r K 


2750274 


A 


26-12-1997 








1 D 

Jr 


10079006 


A 


24-03-1998 


US 5163098 


A 


10-11-1992 




2264377 A,B 


25-08-1993 


US 5590197 


A 


31-12-1996 


NONE 








US 5650604 


A 


22-07-1997 


A i 1 

All 


687671 


B 


26-02-1998 








A 1 1 

AU 


4981096 


A 


11-09-1996 








D D 

dK 


i7DUOO / c. 


A 
M 


23-12-1997 








CA 




A 


29-08-1996 








CN 




A 
r\ 


11-03-1998 








cz 




A 
rt 


12-11-1997 








EP 


nfti 1711 


A 
rt 


10-12-1997 








C T 

r 1 


973430 


A 


21-08-1997 








Jr 


11500845 


T 


19-01-1999 








NO 


973856 


A 


21-08-1997 








NZ 


303483 


A 


27-04-1998 








PL 


321936 


A 


05-01-1998 








CI/' 

SK 


111297 


A 


14-01-1998 








\Af\ 

WO 


9626508 


A 


29-08-1996 


EP 0590861 


A 


06-04-1994 


CA 


2100134 


A 


30-03-1994 








JP 


7129671 


A 


19-05-1995 








MX 


9305830 


A 


30-06-1994 








US 


5485510 


A 


16-01-1996 


US 5477038 


A 


19-12-1995 


AU 


686276 


B 


05-02-1998 








AU 


1039795 


A 


22-05-1995 








CA 


2174951 


A 


04-05-1995 








EP 


0738404 


A 


23-10-1996 








JP 


9504396 


T 


28-04-1997 








WO 


9512169 


A 


04-05-1995 



Form PCT/ISA«10 (patent family annex) (July 1992) 



